Secure boot: Linux is at Microsoft's mercy

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Linux companies or organisations that have paid for, and obtained, keys from Microsoft to ensure that their distributions can be booted on secure boot-enabled devices, have to abide by the terms of a contract or else may have their keys revoked.

This much is clear from a message posted to the Linux kernel mailing list by Peter Jones, a kernel developer who works for Red Hat.

In response to a post from Linux filesystem guru Ted Ts'o about the possible revocation of keys, Jones responded: "We've got a pretty good idea - we've got a contract with them (Microsoft), and it says they provide the signing service, and under circumstances where the thing being signed is found to enable malware that circumvents Secure Boot, we'll fix it so it can't be, and we've got a certain amount of time to do so, and processes for working with them, and then at that time blacklists will be issued.

"This is not the precise language from that contract, and I'm not going to go into specifics here."

Jones' post is one of many in a long thread that began with his colleague, David Howells, asking for a particular patchset to be included in the mainline kernel to meet the requirements for secure boot set down by Microsoft. In order to fully meet these, Howells proposed changes that would make it possible for a kernel running in secure boot-mode to dynamically load keys.

"To permit a key to be loaded under such a condition, we require that the new key be signed by a key that we already have (and trust) - where keys that we 'already have' could include those embedded in the kernel, those in the UEFI database and those in cryptographic hardware," Howells wrote.
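The rule Howells describes, modelled as an added example that is not part of his patchset or the kernel's keyring code: a run-time key is accepted only when it carries a valid signature from a key already in the boot-time store, so a self-signed or unknown signer is refused. The TrustStore type, the helper names and the use of Ed25519 are assumptions made here for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// TrustStore models the keys a kernel under secure boot "already has": those embedded
// in the kernel, in the UEFI db, or in hardware. Hypothetical model, not kernel code.
type TrustStore struct{ keys map[string]ed25519.PublicKey } // raw pubkey bytes -> key

func NewTrustStore() *TrustStore { return &TrustStore{keys: map[string]ed25519.PublicKey{}} }

// Preload registers a key from a boot-time source, before any run-time loading.
func (ts *TrustStore) Preload(pk ed25519.PublicKey) { ts.keys[string(pk)] = pk }
func (ts *TrustStore) Trusted(pk ed25519.PublicKey) bool { _, ok := ts.keys[string(pk)]; return ok }

// Enroll adds a key at run time only if sig is a valid signature over newKey made by a
// key already in the store; an unknown signer, including the new key itself, is refused.
func (ts *TrustStore) Enroll(newKey, signer ed25519.PublicKey, sig []byte) error {
	if !ts.Trusted(signer) {
		return errors.New("signer is not an already-trusted key")
	}
	if !ed25519.Verify(signer, newKey, sig) {
		return errors.New("signature over new key does not verify")
	}
	ts.keys[string(newKey)] = newKey
	return nil
}

// GenKey and SignKey keep the demo self-contained; no real vendor key material is used.
func GenKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // error only on a broken RNG
	return pub, priv
}
func SignKey(priv ed25519.PrivateKey, subject ed25519.PublicKey) []byte { return ed25519.Sign(priv, subject) }

func main() {
	ts := NewTrustStore()
	rootPub, rootPriv := GenKey() // constructed stand-in for a vendor key in the UEFI db
	ts.Preload(rootPub)
	modPub, _ := GenKey()
	rogue, roguePriv := GenKey()
	fmt.Println("chained from boot key:", ts.Enroll(modPub, rootPub, SignKey(rootPriv, modPub)))
	fmt.Println("unknown signer:", ts.Enroll(modPub, rogue, SignKey(roguePriv, modPub)))
}
```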

Secure boot is a feature of the Unified Extensible Firmware Interface, the replacement for the BIOS. Microsoft has implemented secure boot and requires that it be enabled on all hardware that ships with Windows 8 pre-installed. Hence anyone who wishes to boot an image on such hardware would need to obtain a key from Microsoft.

The Linux response has been driven by corporates who are eager to play ball with a company that has made no secret of its desire to push everyone off the stage and eat the cake all by itself, plate and all. There are developers within the ranks of these companies who have gone along, using as their cover the needs of the user.

Only, when these developers come up against Linux creator Linus Torvalds, their excuses seem to melt away.

One can call some of Torvalds' responses uncivil or crude, one can accuse him of not being an adult. But nobody can doubt the man's integrity. Or the fact that he wants to drive home a point with no margin for misunderstanding.

If anyone has doubts, let's remind ourselves that this is a man who turned down an offer of $US10 million from an entrepreneur in London to lend his name to a fledgling Linux company as a board member back in the days when Linux had yet to take off. Torvalds wasn't well-off at that point in life and had just arrived in the US. He had two small children and a stay-at-home wife.

He could have taken the money. After all, Linux is his baby. Nobody could have accused him of profiting from others' efforts.

Why did Torvalds turn down the money? Let me quote his own words: "I felt pressure to hold my ground within the open source community as someone who could be trusted from both a technology standpoint and an ethical standpoint."

I know, it sounds naive and silly, especially in the wake of the global financial crisis and the weasel words offered in defence of some of the greatest rogues in the history of the world. But that's why people trust him.

When it comes to secure boot, with Linux the matter does not end with booting a disc. There are more issues: hibernation can only be allowed if the image returning from that state is also verifiable. Otherwise it breaks the trust model for secure boot, as an unsigned image could well contain rogue code.

Linux has a system call, kexec, which also poses issues as it can replace the running kernel with a different program. This could also breach the secure boot trust model. These two issues have to be sorted out by Linux developers to meet Microsoft's requirements.

Otherwise the deadline referred to at the beginning of this article could come into effect.

The motives of some of those pushing secure boot and the need to fall in line with the dictates of Microsoft are not clear. And while some of these worthies face little or no opposition when they publicise their work, which is often inaccurate, they tend to be speechless when Torvalds lets loose.

Some of Torvalds' plain speaking was quoted in iTWire a couple of days back. Here's some more, in response to former Red Hat employee Matthew Garrett, who has developed and put online for use by anyone a first-stage bootloader for secure boot-enabled machines.

For example, when the question of protecting the user came up, Garrett wrote: "The user Microsoft care about isn't running Linux. The user is running Windows, and someone's merely using Linux as a vector to launch their backdoored Windows kernel. How do Microsoft protect that user? They blacklist the signature used by that Linux bootloader. If we want to protect the user's ability to boot Linux, we need to protect the Windows users from having Linux used against them."

Torvalds fired back: "How f**king hard is it for you to understand? Stop arguing about what MS wants. We do not care. We care about the *user*. You are continually missing the whole point of security, and then you make some idiotic arguments about what MS wants you to do.

"It's irrelevant. The only thing that matters is what our *users* want us to do, and protecting *their* rights. As long as you seem to treat this as some kind of "let's please MS, not our users" issue, all your arguments are going to be crap."

In another of his numerous posts to this thread, Garrett wrote: "If the user has explicitly enrolled a hash then they're stepping outside the trust model."

Torvalds responded with another blast. "This is the kind of totally bogus crap that no sane person should ever spout," he wrote. "Stop it.

"If the user has explicitly enrolled a hash, then that should be the *primary* trust model, dammit. That should be very much what you should care about first and foremost, and that should be your goal in life. That's when the user says 'I'm in control of my own machine, and I want to trust *this*'.

"It's not about "stepping outside of the trust model". Quite the reverse. It's about actually being *part* of the trust model, and taking control of your own machine. It's the *good* scenario. It's what you should encourage users to do.

"No, it likely can't be the default because we shouldn't expect users to care enough, but on the other hand the default should definitely *not* be 'enable random third party modules signed indirectly by MS', which is what your crazy world-view seems to be.

"So the first order should be: 'we provide modules to cover all normal users'. You use the RH key for that. The *second* order should be: 'we encourage and tell people how to add their own keys and sign modules they trust'.

"The third order should probably be 'we encourage people to use random one-time keys - probably with UEFI key checking turned off entirely, because let's face it, that doesn't really add any real security for most people'. It's what kernel developers and most servers would probably want to use. They likely don't do the whole UEFI crap anyway, and random one-time keys are actually better against things like rootkits etc than *any* centrally administered chain of trust.

"Only somewhere really really deep down should the 'ok, what about a MS signature' thing be. It could be part of the user-level application (part of your distribution) that displays the 'are you really sure you want to load this module with an unrecognized signature? I can tell that it has a MS signature on it'. But by the time you get this far, you've already failed the first few normal levels."

In the famous tale by Hans Christian Andersen, it was a little boy who had the guts to call out that the emperor had no clothes. This time, it's taken a more seasoned person to do it.

(The mailing list thread referred to in this article is found here and here. Search for "Load keys from PE signed binaries" and read.)


Sam Varghese


A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.
